Video on YouTube Demonstrates Seed-phrase Hack of Trezor T Wallet

The cybersecurity startup Unciphered published on YouTube a video demonstrating a successful breach of the popular hardware crypto wallet Trezor T from Satoshi Labs.

The company’s experts developed an “internal exploit” that allowed them to extract the wallet’s firmware, and then used specialized GPUs to crack the device’s seed phrase.

“We have about ten GPUs, and after a while we retrieved the keys,” said Unciphered co-founder Eric Misho in the video.

The company noted that the hardware security mechanisms of the Trezor T model can theoretically be bypassed if a hacker has physical access to the wallet. In Misho’s view, fixing this exploit in the Trezor T would require recalling all released devices.

Earlier, Unciphered demonstrated a similar hack of a wallet produced by the Hong Kong company OneKey.

Trezor said that the vulnerability found by the experts appears to be a Read Protection Downgrade (RDP) attack. It allows an attacker, by interfering with the STM32 microchip, to obtain the recovery seed phrase and then decrypt its PIN with a brute-force password attack.

This vulnerability was discovered in October 2019 by Kraken Security Labs researchers. It affected the Trezor T and Trezor One models.

Chief Technology Officer Tomáš Sushanka noted that such attacks require physical theft of the device, extremely deep technical knowledge, and sophisticated equipment.

“Even with the above, Trezor can be protected by a robust passphrase, which adds another layer of security, making downgrading to an earlier version of RDP useless,” he added.
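Why a passphrase blunts the extraction described above, as an added example (not code from ForkLog, Trezor or Unciphered): assuming a BIP-39 wallet, the passphrase is mixed into the seed derivation rather than stored with the mnemonic, so the words read out of the chip lead to a different wallet without it. The mnemonic is a public BIP-39 test vector, and the PIN and passphrase sizes are constructed values.

```python
import hashlib
import math
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, dklen=64
    )


def keyspace_bits(symbols: int, length: int) -> float:
    """Entropy in bits of a secret made of `length` uniform picks from `symbols`."""
    return length * math.log2(symbols)


# Constructed input: public BIP-39 test-vector mnemonic, never to be used for funds.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def compare(mnemonic: str, passphrase: str) -> dict:
    """Contrast what the stored mnemonic alone yields with the passphrase wallet."""
    without = bip39_seed(mnemonic)              # all an extracted mnemonic gives
    with_pp = bip39_seed(mnemonic, passphrase)  # the wallet actually holding funds
    return {
        "seed_without_passphrase": without.hex(),
        "seed_with_passphrase": with_pp.hex(),
        "same_wallet": without == with_pp,
    }


if __name__ == "__main__":
    result = compare(MNEMONIC, "TREZOR")  # "TREZOR" is the test-vector passphrase
    print("mnemonic only   :", result["seed_without_passphrase"][:16], "...")
    print("with passphrase :", result["seed_with_passphrase"][:16], "...")
    print("same wallet     :", result["same_wallet"])
    # Assumed sizes: a 4-digit PIN versus a 6-word passphrase from a 7776-word list.
    print("PIN bits        : %.1f" % keyspace_bits(10, 4))
    print("passphrase bits : %.1f" % keyspace_bits(7776, 6))
```

The PIN only guards what is stored on the device, so its small keyspace is what falls to brute force; the passphrase keyspace is whatever the owner chooses.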

To address this problem, Trezor, in collaboration with its subsidiary Tropic Square, developed a secure microchip for hardware wallets. The component is currently undergoing testing.

Earlier, ForkLog reported that attackers stole $30,000 in bitcoins through a counterfeit hardware wallet.
